Best Practices

The “Dynamic Web and Mobile Application Development” guide, newly published by DZone, includes a section on API Token Management Security by Isabelle Mauny. It looks at best practices from the API perspective, covering, for example, obtaining tokens and keys, token management, OAuth, and JWT.

Standards

The European Telecommunications Standards Institute (ETSI) has proposed its own variation of TLS 1.3, called eTLS, and it looks quite bad: it removes full forward secrecy, and thus potentially enables eavesdropping by telcos and companies, as well as man-in-the-middle attacks.